Current documentation for 7.13.2 and capsman

toolongformt · Thu Jan 25, 2024 9:28 pm

hi, where can I find the corresponding guide for capsman under ROS 7.13.2?
If possible, also a kind of troubleshooting hints for the most common mistakes a user could make...

Thank you!

Thu Jan 25, 2024 9:37 pm

Right here for wave2:
https://help.mikrotik.com/docs/display/ ... iFiCAPsMAN

For legacy wifi:
https://help.mikrotik.com/docs/display/ROS/CAPsMAN

toolongformt · Thu Jan 25, 2024 10:36 pm

thank you.
It doesn't contain what I need; with the configuration based on the guide my wifi doesn't come up for longer than 1 minute.
After this time they say goodbye and I cannot bring them back.

CRS 112 with 7.13.2 (I refuse to downgrade, I'll wait for updates, as long as it takes until it runs stable).
And 2 Accesspoints with a long name I don't remember, also with 7.13.2

I won't forget this one minute when I saw popping up the wifi on my iPad. Unfortunately as soon as I made a speedtest, the phone switched back to my productive wifi, I wasn't even able to run at least one speed test.

Thu Jan 25, 2024 10:48 pm

In that case you should know the next action already.
(no, rest assured, it's not reset

)

Export of your config please so we can check what you did.

toolongformt · Thu Jan 25, 2024 11:03 pm

In that case you should know the next action already.
(no, rest assured, it's not reset )

Export of your config please so we can check what you did.

no reset???

It's easily possible that the config contains already too much. After the working config passed away, I configured it the same way as my single access point that I use in my productive network; here is the ap also a capsman at the same time. But the config is the same (regardless of IP, security etc...). Oh, and the other one is not 7.13.2, it's something earlier...

What do I mean with "I configured it": Yesterday we ended up with a working basic configuration (routing, DHCP, worked like expected).
Since then I didn't change anything but the capsman parts. They worked for a minute, then both APs went off, I didn't see wifi on any devices.
After that I double checked the settings with winbox and configured the same as in my single access point (wapRac) (which is in another network).

That's all. Only thing I see, is the firmware. I'm quite sure 7.13.2 doesn't work on my devices. In any other case they would run in the meantime.

# model = CRS112-8P-4S
# serial number = jupdiddldoooooo
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=40mhz-turbo name=channel1
add band=2ghz-b/g/n control-channel-width=5mhz name=channel2
/interface bridge
add admin-mac=48:A9:8A:B5:C3:2A auto-mac=no comment=defconf name=bridge
/caps-man interface
add disabled=no l2mtu=1600 mac-address=48:A9:8A:89:E3:C4 master-interface=none name=cap1 radio-mac=48:A9:8A:89:E3:C4 radio-name=48A98A89E3C4
add disabled=no l2mtu=1600 mac-address=48:A9:8A:89:E3:C5 master-interface=none name=cap2 radio-mac=48:A9:8A:89:E3:C5 radio-name=48A98A89E3C5
add disabled=no l2mtu=1600 mac-address=48:A9:8A:89:E9:56 master-interface=none name=cap3 radio-mac=48:A9:8A:89:E9:56 radio-name=48A98A89E956
add disabled=no l2mtu=1600 mac-address=48:A9:8A:89:E9:57 master-interface=none name=cap4 radio-mac=48:A9:8A:89:E9:57 radio-name=48A98A89E957
/caps-man datapath
add bridge=bridge name=datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/caps-man configuration
add channel.band=5ghz-a/n/ac country=germany datapath=datapath1 datapath.bridge=bridge installation=any mode=ap name=g21-wlan-intern security=security1 ssid=G21-intern
add channel.band=2ghz-b/g/n country=germany datapath=datapath1 datapath.bridge=bridge installation=any name=g21_2.4 security=security1 ssid=G21-2.4
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=dhcp-pool-intern ranges=192.168.21.130-192.168.21.180
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp-pool-intern interface=bridge name=dhcp1
/port
set 0 name=serial0
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=g21-wlan-intern
add action=create-dynamic-enabled disabled=yes master-configuration=g21_2.4
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=sfp9
add bridge=bridge comment=defconf interface=sfp10
add bridge=bridge comment=defconf interface=sfp11
add bridge=bridge comment=defconf interface=sfp12
add bridge=bridge interface=ether8
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=bridge list=LAN
add interface=ether1 list=WAN
/ip address
add address=192.168.21.254/24 comment=defconf interface=bridge network=192.168.21.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add interface=ether1
/ip dhcp-server network
add address=192.168.21.0/24 dns-server=10.43.210.11 domain=r403.local gateway=192.168.21.254 netmask=24 ntp-server=192.168.21.254
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ppp secret
add name=vpn
/system clock
set time-zone-name=Europe/Vienna
/system identity
set name=GW_G21
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=10.43.210.254

Thu Jan 25, 2024 11:12 pm

/caps-man channel
add band=5ghz-a/n/ac control-channel-width=40mhz-turbo name=channel1
add band=2ghz-b/g/n control-channel-width=5mhz name=channel2

If possible, use AC only, no turbo channel. Channel width=20/40/80mhz-Ceee
Similar, 2ghz n-only, channel width=20/40mhz-Ce (if a lot of other 2.4GHz APs are in the area, stick to 20MHz)

Set frequency for both radios manually. Otherwise you do not know what will be taken.
DFS frequencies can take up to 15 minutes before they appear.
Use frequency scanner on wireless tab to check which one is least occupied.
Typical settings:
2.4Ghz: 1/6/11 scheme (=2412/2437/2462 MHz)
5Ghz (if using 80MHz width): ch36/5180MHz - ch52/5260MHz - ch100/5500MHz - ch132/5660MHz

toolongformt · Thu Jan 25, 2024 11:14 pm

Code: Select all
/caps-man channel
add band=5ghz-a/n/ac control-channel-width=40mhz-turbo name=channel1
add band=2ghz-b/g/n control-channel-width=5mhz name=channel2
If possible, use AC only, no turbo channel. Channel width=20/40/80mhz-Ceee
Similar, 2ghz n-only, channel width=20/40mhz-Ce (if a lot of other 2.4GHz APs are in the area, stick to 20MHz)

Set frequency for both radios manually. Otherwise you do not know what will be taken.
DFS frequencies can take up to 15 minutes before they appear.
Use frequency scanner on wireless tab to check which one is least occupied.
Typical settings:
2.4Ghz: 1/6/11 scheme (=2412/2437/2462 MHz)
5Ghz (if using 80MHz width): ch36/5180MHz - ch52/5260MHz - ch100/5500MHz - ch132/5660MHz

I played around with all possible settings, they make no difference. The config you see, is just one of some hundred I tried.
I tried as well to set the channel etc as a preconfigured setting, or directly configured, doesn't make a change.

Thu Jan 25, 2024 11:17 pm

The whole idea is to get a stable working config first, then you can tweak and experiment.
Set the frequency manually so you know what it will be.
Then work from there.

If you look in Winbox / wireless it should show if DFS time-out is active.

toolongformt · Thu Jan 25, 2024 11:23 pm

The whole idea is to get a stable working config first, then you can tweak and experiment.
Set the frequency manually so you know what it will be.
Then work from there.

If you look in Winbox / wireless it should show if DFS time-out is active.

ok.. but most of what you write is just not there to configure... I have much less to chose.
Eg. you talk about

no turbo channel. Channel width=20/40/80mhz-Ceee

that's not there. I have 5-10-20 in 5 GHz
In 2Ghz I have 5-10-20-40t

ceee and those things are not there.

Thu Jan 25, 2024 11:26 pm

Ah yes, you're going via capsman.

Then it should be extension Ce for 2.4Ghz, Ceee for 5Ghz.
Width shouldn't be set then (leave unselected)

toolongformt · Thu Jan 25, 2024 11:28 pm

The whole idea is to get a stable working config first, then you can tweak and experiment.

Don't get me wrong, I didn't experiment, I tried to get a fu***g config that my APs finally are ready to use.
Mikrotik, could you please advertise those things with "caution, they don't do the most of what can be configured, they are dumb as hell, only one of 10.000 combinations will work, and it's on you as a customer to successfully graduate as a physics+electronic+IT expert to get the knowledge about wifi. Just configure 5 GHz and hope you will see something, is not the way we want to go..."

infabo · Fri Jan 26, 2024 12:20 am

It's actually pretty easy: configure what's necessary and keep defaults where possible. Forget that channel alignment stuff and channel width, fixed channel frequency and so on. Not necessary for get it up and running.

Fri Jan 26, 2024 7:50 am

On frequency I highly disagree.
Most problems are with wrong frequencies being selected in high interference areas or even DFS range with constant disconnects because of the wait time.

Start with default, yes.
Set frequency.
Then tweak / optimize.

toolongformt · Fri Jan 26, 2024 9:47 am

I can set what I want, there's no CAP interface.
And nothing happens.
Either something is missing, or 7.13.2 is really not running.
I have a deadline. This evening. Either I get this stuff running (stable, reliable), or I'll throw it into the recycle bin.
Just to be on the safe side, I already ordered a set of access point from HP. They offer a simple installer, even for IOS, it's plug and play. A friend of me tried it and was up and running in 10 minutes. Without an issue ever.
On the other side an IT systems engineer that struggles half a year to learn how to get an access point up and running.
Best of all: I HAVE one AP up and running, and exactly the same config (IPs etc corrected) doesn't work for the second set of equipment.

I don't get it

toolongformt · Fri Jan 26, 2024 9:54 am

It's actually pretty easy: configure what's necessary and keep defaults where possible. Forget that channel alignment stuff and channel width, fixed channel frequency and so on. Not necessary for get it up and running.

and what IS necessary?
And please, if possible, post a link to the guide that explains what is necessary. I don't want to "only" refer on personal experience, though (of course) I appreciate that.

infabo · Fri Jan 26, 2024 10:16 am

https://help.mikrotik.com/docs/pages/vi ... Id=1409149

"Read" the screenshots of the "Simple setup of a CAPsMAN system" section.

toolongformt · Fri Jan 26, 2024 10:19 am

https://help.mikrotik.com/docs/pages/vi ... Id=1409149

"Read" the screenshots of the "Simple setup of a CAPsMAN system" section.

Thanks. I'm here because that is not enough to get it up and running.
I'm at troubleshooting for over a week now, what is missing in the guide.

I don't find the place where it tells me what to do, when there are no CAP interfaces listet

infabo · Fri Jan 26, 2024 10:19 am

I have a deadline. This evening. Either I get this stuff running (stable, reliable), or I'll throw it into the recycle bin.

Please follow the disposal guidelines of your local waste disposal authority.

infabo · Fri Jan 26, 2024 10:25 am

I'm at troubleshooting for over a week now, what is missing in the guide.

I don't see anything missing in this guide. It shows how to create a capsman configuration, create the provisioning rules and enable capsman service (capsman manager). What are you having problems with? CAPs not beeing provisioned?

toolongformt · Fri Jan 26, 2024 10:26 am

I have a deadline. This evening. Either I get this stuff running (stable, reliable), or I'll throw it into the recycle bin.
Please follow the disposal guidelines of your local waste disposal authority.

yes, we have a centralized disposal system for electronic devices. A lot of stuff has its end here - mostly 20 year old printer etc.

Fri Jan 26, 2024 11:31 am

Try changing control channel width on both entries here to 20MHz, and just in case for 40/80MHz or higher width you need to use extensions channels, not wider control channel width. 40MHz turbo is for legacy devices. And only a limited set of devices support 5MHz control channel width. So it might be part of the cause for issues here.

add band=5ghz-a/n/ac control-channel-width=40mhz-turbo name=channel1
add band=2ghz-b/g/n control-channel-width=5mhz name=channel2

Though they are not referenced in configuration profile.
You only have a single enabled provisioning rule for 5GHz interfaces, so 2.4GHz won't provision
To remove chance for user error, I'd recommend using provisioning rules, instead of adding static CAP interfaces

Generally CAPsMAN configuration is quite simple, the requirements are:
1) basic configuration profile that can be provisioned to CAPs - just setting SSID,country and security would be enough, or rather the most foolproof approach, you can experiment with channels and other parameters after its confirmed as working.
2) provisioning rule that assigns this configuration, if you have multiple configurations - different one for each band for example, you can create multiple rules, just make sure that hw-supported-bands are set correctly for each.
3) enabled CAPsMAN service
4) enabled CAP service on CAP.

In your scenario, it would be recommended to check under remote-caps, if they are connected, if they are connected, but don't provision there is some mismatch in configuration or provisioning rules.
If they are not connected, you can check logs on CAP and CAPsMAN to see if there are any revel ant messages there, but likely something is not turned on. You can also check if specifying IP address on CAP for which CAPsMAN to connect to, would help. Specifying CAPsMAN IP will force CAP to use IP connection instead of MAC.
Types of CAPs are also important to consider - you can't manage Wifi CAPs using Wireless CAPsMAN, Wifi CAPs can be managed only with Wifi CAPsMAN

toolongformt · Fri Jan 26, 2024 12:06 pm

If they are not connected, you can check logs on CAP and CAPsMAN to see if there are any revel ant messages there, but likely something is not turned on. You can also check if specifying IP address on CAP for which CAPsMAN to connect to, would help. Specifying CAPsMAN IP will force CAP to use IP connection instead of MAC.
Types of CAPs are also important to consider - you can't manage Wifi CAPs using Wireless CAPsMAN, Wifi CAPs can be managed only with Wifi CAPsMAN

I see them as connected... State: running, each AP with 2 Radios. Like expected.

toolongformt · Fri Jan 26, 2024 12:23 pm

Types of CAPs are also important to consider - you can't manage Wifi CAPs using Wireless CAPsMAN, Wifi CAPs can be managed only with Wifi CAPsMAN

ok, thank you.
Please help me, those are my devices:
https://mikrotik.com/product/cap_ac

Are they wireless or are they wifi?
I mean, in the first line of description it says "wireless access points", but if I should control them with wifi capsman, maybe that's a root cause...?

toolongformt · Fri Jan 26, 2024 12:36 pm

You only have a single enabled provisioning rule for 5GHz interfaces, so 2.4GHz won't provision
To remove chance for user error, I'd recommend using provisioning rules, instead of adding static CAP interfaces

That's what I'd like to have. But I have 2 provisioning rules. Which both don't seem to work.

toolongformt · Fri Jan 26, 2024 12:49 pm

I wanted to follow the idea of provisioning.
Therefore I need a rule.
I thought, I'd make that with a regex for Mac-address-based ...
I searched and found: viewtopic.php?t=197957
But instead of finding an answer how to regex, I find a guide how to not use regex and instead play with firewall rules...

toolongformt · Fri Jan 26, 2024 12:58 pm

I renamed the two access points with the same string at the beginning and used that as provisioning filter.
The APs seemed to re-provision. In menu CAP Interface I have 4 entries (cap 1-4), 3 went ready with provisioning in seconds, the 4th needed about 2 minutes.
But all provisioning didn't help, the radios don't send anything.

toolongformt · Fri Jan 26, 2024 1:39 pm

https://help.mikrotik.com/docs/pages/vi ... Id=1409149

"Read" the screenshots of the "Simple setup of a CAPsMAN system" section.

I read them. And I'm refusing to think I'm a complete idiot. It ISN'T that "easy", because the AP's refuse to do anything. They are registered, capsman sees them, but they don't publish wifi.

@all who want to help me: I'm not here to learn where the guide is, or how mikrotik's (untested?) theory is!
I bought this stuff over 2 weeks ago and since then I don't do anything other than reading the guides and trying to find out, which errors are made in the guides. Because they JUST DON'T WORK!

Sorry, but in the meantime I became more than disappointed and angry. I'm 4 hours prior to my deadline, which will lead in replacing this stuff by 10 year old used Cisco WAP371, which I'd be ready to buy. Not only because they deliver double the performance in 5 GHz...

infabo · Fri Jan 26, 2024 2:03 pm

You only have a single enabled provisioning rule for 5GHz interfaces, so 2.4GHz won't provision
To remove chance for user error, I'd recommend using provisioning rules, instead of adding static CAP interfaces

That's what I'd like to have. But I have 2 provisioning rules. Which both don't seem to work.

The second rule is disabled according to your export. So please review your settings pls.

toolongformt · Fri Jan 26, 2024 3:34 pm

That's what I'd like to have. But I have 2 provisioning rules. Which both don't seem to work.
The second rule is disabled according to your export. So please review your settings pls.

I'm trying out since 2 weeks, with little interruption. My config changes every minute 10 times. Even when I post something here, it's old, any often 2seconds later I already tried something different.

infabo · Fri Jan 26, 2024 3:38 pm

Even when I post something here, it's old, any often 2seconds later I already tried something different.

This is not a systematic approach and hinders you in troubleshooting.

toolongformt · Fri Jan 26, 2024 5:49 pm

Even when I post something here, it's old, any often 2seconds later I already tried something different.
This is not a systematic approach and hinders you in troubleshooting.

full acknowledge!
But doing nothing and waiting for help takes much too long - with all my respect and thanks to all supporters! But I also want to use the time to test everything, hoping to get a working solution.
On the other side, my time has run out, as I just go an email. I bought the devices for nothing, my friend didn't want to wait longer than 2 weeks in sum, I can keep the stuff now, he already bought HP; and told me that he was ready with configuring everything he needs, in under 15 minutes. With a MOBILE PHONE !!

From this moment it's gonna be just an expensive hobby to get those things running. Personally I don't need them, I have a stable and fast solution from Cisco that provides settings which cannot fail.

The one and only thing that hinders me in troubleshooting, is the fact, that knowledge from previous version don't seem to work with 7.13.2 anymore. Otherwise I wouldn't need week for getting wifi running.

infabo · Fri Jan 26, 2024 7:58 pm

Mikrotik has Smartphone Apps too.

Judging from the different threads I believe you are some kind of AI bot. Trained to troll forum users, not providing information, permanently ranting and venting, not interacting or just to a minimum reacting to other user suggestions/questions. It is really weird. It all started with a big complaint how dumb the forum signup is and then moved over to how crap this CRS112 is and then the big rant out on capsman. On another topic you'd said you have cap ACs, here you stated you have cap ac xl. so you even don't know what models you have or at least someone used inconsistent training data for the language model.

I am pretty sure, even though you say Cisco and HP is the best and can be set up by an imaginary friend in like 15mins and is up and running: you probably played the same "blame game" years ago over at some Cisco user forum.

toolongformt · Fri Jan 26, 2024 9:23 pm

I'm not a bot. Sadly, I wished I was, than I wouldn't bother about the fact, that I don't get the stuff running.

Here's the config, again. (You said, I don't post it, that's wrong. Check my postings please.)
I won't mask anything, you may even check the serial number!

[admin@GW_G21] > export  verbose 
# 2024-01-26 20:21:18 by RouterOS 7.13.2
# software id = BS5E-85HC
#
# model = CRS112-8P-4S
# serial number = HED08M1RJFA
/caps-man channel
add band=2ghz-b/g/n name=channel1
add band=5ghz-a/n/ac name=channel2
/caps-man configuration
add channel=channel2 country=albania installation=any mode=ap name=g21-wlan-intern-channel2_5GHz ssid=G21
/interface bridge
add admin-mac=48:A9:8A:B5:C3:2A ageing-time=5m arp=enabled arp-timeout=auto auto-mac=no comment=defconf dhcp-snooping=no disabled=no fast-forward=yes forward-delay=15s igmp-snooping=no max-message-age=20s mtu=auto name=bridge port-cost-mode=long priority=0x8000 protocol-mode=rstp transmit-hold-count=6 \
    vlan-filtering=no
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:2A mtu=1500 name=ether1 orig-mac-address=48:A9:8A:B5:C3:2A poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether2 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:2B mtu=1500 name=ether2 orig-mac-address=48:A9:8A:B5:C3:2B poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether3 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:2C mtu=1500 name=ether3 orig-mac-address=48:A9:8A:B5:C3:2C poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether4 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:2D mtu=1500 name=ether4 orig-mac-address=48:A9:8A:B5:C3:2D poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether5 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:2E mtu=1500 name=ether5 orig-mac-address=48:A9:8A:B5:C3:2E poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether6 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:2F mtu=1500 name=ether6 orig-mac-address=48:A9:8A:B5:C3:2F poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether7 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:30 mtu=1500 name=ether7 orig-mac-address=48:A9:8A:B5:C3:30 poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=ether8 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:31 mtu=1500 name=ether8 orig-mac-address=48:A9:8A:B5:C3:31 poe-lldp-enabled=no poe-out=auto-on poe-priority=10 poe-voltage=auto power-cycle-interval=none !power-cycle-ping-address power-cycle-ping-enabled=no !power-cycle-ping-timeout rx-flow-control=\
    off tx-flow-control=off
set [ find default-name=sfp9 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:32 mtu=1500 name=sfp9 orig-mac-address=48:A9:8A:B5:C3:32 rx-flow-control=off sfp-rate-select=high sfp-shutdown-temperature=95C tx-flow-control=off
set [ find default-name=sfp10 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:33 mtu=1500 name=sfp10 orig-mac-address=48:A9:8A:B5:C3:33 rx-flow-control=off sfp-rate-select=high sfp-shutdown-temperature=95C tx-flow-control=off
set [ find default-name=sfp11 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:34 mtu=1500 name=sfp11 orig-mac-address=48:A9:8A:B5:C3:34 rx-flow-control=off sfp-rate-select=high sfp-shutdown-temperature=95C tx-flow-control=off
set [ find default-name=sfp12 ] advertise=10M-baseT-half,10M-baseT-full,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX arp=enabled arp-timeout=auto auto-negotiation=yes bandwidth=unlimited/unlimited disabled=no l2mtu=1588 loop-protect=default loop-protect-disable-time=5m \
    loop-protect-send-interval=5s mac-address=48:A9:8A:B5:C3:35 mtu=1500 name=sfp12 orig-mac-address=48:A9:8A:B5:C3:35 rx-flow-control=off sfp-rate-select=high sfp-shutdown-temperature=95C tx-flow-control=off
/queue interface
set bridge queue=no-queue
/caps-man datapath
add bridge=bridge name=datapath1
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=security1
/caps-man configuration
add channel=channel1 channel.band=2ghz-b/g/n country=albania datapath=datapath1 datapath.bridge=bridge installation=any mode=ap name=g21-wlan-intern-channel1_2GHz security=security1 ssid=G21
/interface list
set [ find name=all ] comment="contains all interfaces" exclude="" include="" name=all
set [ find name=none ] comment="contains no interfaces" exclude="" include="" name=none
set [ find name=dynamic ] comment="contains dynamic interfaces" exclude="" include="" name=dynamic
set [ find name=static ] comment="contains static interfaces" exclude="" include="" name=static
add exclude="" include="" name=LAN
add exclude="" include="" name=WAN
/interface lte apn
set [ find default=yes ] add-default-route=yes apn=internet authentication=none default-route-distance=2 ip-type=auto name=default use-network-apn=yes use-peer-dns=yes
/interface macsec profile
set [ find default-name=default ] name=default server-priority=10
/interface wifi channel
add band=2ghz-ax disabled=no name=channel1
/interface wifi configuration
add country=Germany disabled=no mode=ap name=cfg1 security.connect-priority=0 ssid=G21-intern
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" disable-pmkid=no eap-methods=passthrough group-ciphers=aes-ccm group-key-update=5m interim-update=0s management-protection=disabled mode=none mschapv2-username="" name=default radius-called-format=mac:ssid radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-sta-private-algo=none static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=none \
    tls-mode=no-certificates unicast-ciphers=aes-ccm
/ip dhcp-client option
set clientid_duid code=61 name=clientid_duid value="0xff\$(CLIENT_DUID)"
set clientid code=61 name=clientid value="0x01\$(CLIENT_MAC)"
set hostname code=12 name=hostname value="\$(HOSTNAME)"
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=hotspot html-directory-override="" http-cookie-lifetime=3d http-proxy=0.0.0.0:0 install-hotspot-queue=no login-by=cookie,http-chap name=default smtp-server=0.0.0.0 split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] add-mac-cookie=yes address-list="" idle-timeout=none !insert-queue-before keepalive-timeout=2m mac-cookie-timeout=3d name=default !parent-queue !queue-type shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec mode-config
set [ find default=yes ] name=request-only responder=no use-responder-dns=exclusively
/ip ipsec policy group
set [ find default=yes ] name=default
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048,modp1024 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-128,3des hash-algorithm=sha1 lifetime=1d name=default nat-traversal=yes proposal-check=obey
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=dhcp-pool-intern ranges=192.168.21.130-192.168.21.180
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp-pool-intern authoritative=yes disabled=no interface=bridge lease-script="" lease-time=30m name=dhcp1 use-radius=no
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none stop-bits=1
/ppp profile
set *0 address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list !local-address name=default on-down="" on-up="" only-one=default !outgoing-filter !parent-queue \
    !queue-type !rate-limit !remote-address !session-timeout use-compression=default use-encryption=default use-ipv6=yes use-mpls=default use-upnp=default !wins-server
set *FFFFFFFE address-list="" !bridge !bridge-horizon bridge-learning=default !bridge-path-cost !bridge-port-priority change-tcp-mss=yes !dns-server !idle-timeout !incoming-filter !insert-queue-before !interface-list local-address=192.168.89.1 name=default-encryption on-down="" on-up="" only-one=default \
    !outgoing-filter !parent-queue !queue-type !rate-limit remote-address=vpn !session-timeout use-compression=default use-encryption=yes use-ipv6=yes use-mpls=default use-upnp=default !wins-server
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=pcq name=pcq-upload-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 6 kind=pcq name=pcq-download-default pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=128 pcq-limit=50KiB pcq-rate=0 pcq-src-address-mask=32 pcq-src-address6-mask=128 pcq-total-limit=2000KiB
set 7 kind=none name=only-hardware-queue
set 8 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 9 kind=pfifo name=default-small pfifo-limit=10
/queue interface
set ether1 queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
set ether6 queue=only-hardware-queue
set ether7 queue=only-hardware-queue
set ether8 queue=only-hardware-queue
set sfp9 queue=only-hardware-queue
set sfp10 queue=only-hardware-queue
set sfp11 queue=only-hardware-queue
set sfp12 queue=only-hardware-queue
/routing bgp template
set default as=65530 name=default
/snmp community
set [ find default=yes ] addresses=::/0 authentication-protocol=MD5 disabled=no encryption-protocol=DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=1000 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=flash/log disk-lines-per-file=1000 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=0.0.0.0 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto syslog-time-format=bsd-syslog target=remote
/user group
set read name=read policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!write,!policy skin=default
set write name=write policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,sensitive,api,romon,rest-api,!ftp,!policy skin=default
set full name=full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,rest-api skin=default
/caps-man aaa
set called-format=mac:ssid interim-update=disabled mac-caching=disabled mac-format=XX:XX:XX:XX:XX:XX mac-mode=as-username
/caps-man manager
set ca-certificate=auto certificate=auto enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
/caps-man manager interface
set [ find default=yes ] disabled=no forbid=no interface=all
/caps-man provisioning
add action=create-dynamic-enabled common-name-regexp="" disabled=no hw-supported-modes="" identity-regexp=G21- ip-address-ranges="" master-configuration=g21-wlan-intern-channel1_2GHz name-format=cap name-prefix="" radio-mac=00:00:00:00:00:00 slave-configurations=""
add action=none common-name-regexp="" disabled=no hw-supported-modes="" identity-regexp="" ip-address-ranges="" master-configuration=g21-wlan-intern-channel2_5GHz name-format=cap name-prefix="" radio-mac=00:00:00:00:00:00 slave-configurations=""
/certificate settings
set crl-download=no crl-store=ram crl-use=no
/interface bridge port
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether2 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether3 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether4 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether5 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether6 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether7 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=sfp9 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=sfp10 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=sfp11 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes comment=defconf disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=sfp12 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 \
    pvid=1 restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
add auto-isolate=no bpdu-guard=no bridge=bridge broadcast-flood=yes disabled=no edge=auto fast-leave=no frame-types=admit-all horizon=none hw=yes ingress-filtering=yes interface=ether8 !internal-path-cost learn=auto multicast-router=temporary-query !path-cost point-to-point=auto priority=0x80 pvid=1 \
    restricted-role=no restricted-tcn=no tag-stacking=no trusted=no unknown-multicast-flood=yes unknown-unicast-flood=yes
/interface bridge port-controller
# disabled
set bridge=none cascade-ports="" switch=none
/interface bridge port-extender
# disabled
set control-ports="" excluded-ports="" switch=none
/interface bridge settings
set allow-fast-path=yes use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=no
/ip firewall connection tracking
set enabled=auto generic-timeout=10m icmp-timeout=10s loose-tcp-tracking=yes tcp-close-timeout=10s tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s tcp-max-retrans-timeout=5m tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-time-wait-timeout=10s \
    tcp-unacked-timeout=5m udp-stream-timeout=3m udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=static lldp-med-net-policy-vlan=disabled mode=tx-and-rx protocol=cdp,lldp,mndp
/ip settings
set accept-redirects=no accept-source-route=no allow-fast-path=yes arp-timeout=30s icmp-rate-limit=10 icmp-rate-mask=0x1818 ip-forward=yes max-neighbor-entries=4096 rp-filter=no secure-redirects=yes send-redirects=yes tcp-syncookies=no
/ipv6 settings
set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled disable-ipv6=no forward=yes max-neighbor-entries=2048
/interface detect-internet
set detect-interface-list=none internet-interface-list=none lan-interface-list=none wan-interface-list=none
/interface ethernet switch
set bridge-type=customer-vid-used-as-lookup-vid bypass-ingress-port-policing-for="" bypass-l2-security-check-filter-for="" bypass-vlan-ingress-filter-for="" drop-if-invalid-or-src-port-not-member-of-vlan-on-ports="" drop-if-no-vlan-assignment-on-ports="" egress-mirror-ratio=1/1 egress-mirror0=\
    switch1-cpu,modified egress-mirror1=switch1-cpu,modified fdb-uses=mirror0 forward-unknown-vlan=yes ingress-mirror-ratio=1/1 ingress-mirror0=switch1-cpu,unmodified ingress-mirror1=switch1-cpu,unmodified mac-level-isolation=yes mirror-egress-if-ingress-mirrored=no mirror-tx-on-mirror-port=no \
    mirrored-packet-drop-precedence=green mirrored-packet-qos-priority=0 multicast-lookup-mode=dst-ip-and-vid-for-ipv4 name=switch1 override-existing-when-ufdb-full=no unicast-fdb-timeout=5m unknown-vlan-lookup-mode=svl use-cvid-in-one2one-vlan-lookup=yes use-svid-in-one2one-vlan-lookup=no vlan-uses=mirror0
/interface ethernet switch dscp-qos-map
set 0 dei=0 drop-precedence=green pcp=0 priority=1
set 1 dei=0 drop-precedence=green pcp=0 priority=0
set 2 dei=0 drop-precedence=green pcp=0 priority=0
set 3 dei=0 drop-precedence=green pcp=0 priority=0
set 4 dei=0 drop-precedence=green pcp=0 priority=0
set 5 dei=0 drop-precedence=green pcp=0 priority=0
set 6 dei=0 drop-precedence=green pcp=0 priority=0
set 7 dei=0 drop-precedence=green pcp=0 priority=0
set 8 dei=0 drop-precedence=green pcp=0 priority=1
set 9 dei=0 drop-precedence=green pcp=0 priority=0
set 10 dei=0 drop-precedence=green pcp=0 priority=0
set 11 dei=0 drop-precedence=green pcp=0 priority=0
set 12 dei=0 drop-precedence=yellow pcp=0 priority=0
set 13 dei=0 drop-precedence=green pcp=0 priority=0
set 14 dei=0 drop-precedence=red pcp=0 priority=0
set 15 dei=0 drop-precedence=green pcp=0 priority=0
set 16 dei=0 drop-precedence=green pcp=0 priority=2
set 17 dei=0 drop-precedence=green pcp=0 priority=0
set 18 dei=0 drop-precedence=green pcp=0 priority=2
set 19 dei=0 drop-precedence=green pcp=0 priority=0
set 20 dei=0 drop-precedence=yellow pcp=0 priority=2
set 21 dei=0 drop-precedence=green pcp=0 priority=0
set 22 dei=0 drop-precedence=red pcp=0 priority=2
set 23 dei=0 drop-precedence=green pcp=0 priority=0
set 24 dei=0 drop-precedence=green pcp=0 priority=2
set 25 dei=0 drop-precedence=green pcp=0 priority=0
set 26 dei=0 drop-precedence=green pcp=0 priority=2
set 27 dei=0 drop-precedence=green pcp=0 priority=0
set 28 dei=0 drop-precedence=yellow pcp=0 priority=2
set 29 dei=0 drop-precedence=green pcp=0 priority=0
set 30 dei=0 drop-precedence=red pcp=0 priority=2
set 31 dei=0 drop-precedence=green pcp=0 priority=0
set 32 dei=0 drop-precedence=green pcp=0 priority=2
set 33 dei=0 drop-precedence=green pcp=0 priority=0
set 34 dei=0 drop-precedence=green pcp=0 priority=2
set 35 dei=0 drop-precedence=green pcp=0 priority=0
set 36 dei=0 drop-precedence=yellow pcp=0 priority=2
set 37 dei=0 drop-precedence=green pcp=0 priority=0
set 38 dei=0 drop-precedence=red pcp=0 priority=2
set 39 dei=0 drop-precedence=green pcp=0 priority=0
set 40 dei=0 drop-precedence=green pcp=0 priority=2
set 41 dei=0 drop-precedence=green pcp=0 priority=0
set 42 dei=0 drop-precedence=green pcp=0 priority=0
set 43 dei=0 drop-precedence=green pcp=0 priority=0
set 44 dei=0 drop-precedence=green pcp=0 priority=0
set 45 dei=0 drop-precedence=green pcp=0 priority=0
set 46 dei=0 drop-precedence=green pcp=0 priority=3
set 47 dei=0 drop-precedence=green pcp=0 priority=0
set 48 dei=0 drop-precedence=green pcp=0 priority=2
set 49 dei=0 drop-precedence=green pcp=0 priority=0
set 50 dei=0 drop-precedence=green pcp=0 priority=0
set 51 dei=0 drop-precedence=green pcp=0 priority=0
set 52 dei=0 drop-precedence=green pcp=0 priority=0
set 53 dei=0 drop-precedence=green pcp=0 priority=0
set 54 dei=0 drop-precedence=green pcp=0 priority=0
set 55 dei=0 drop-precedence=green pcp=0 priority=0
set 56 dei=0 drop-precedence=green pcp=0 priority=2
set 57 dei=0 drop-precedence=green pcp=0 priority=0
set 58 dei=0 drop-precedence=green pcp=0 priority=0
set 59 dei=0 drop-precedence=green pcp=0 priority=0
set 60 dei=0 drop-precedence=green pcp=0 priority=0
set 61 dei=0 drop-precedence=green pcp=0 priority=0
set 62 dei=0 drop-precedence=green pcp=0 priority=0
set 63 dei=0 drop-precedence=green pcp=0 priority=0
/interface ethernet switch policer-qos-map
set 0 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 1 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 2 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 3 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 4 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 5 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 6 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
set 7 dei-for-red=0 dei-for-yellow=0 dscp-for-red=0 dscp-for-yellow=0 pcp-for-red=0 pcp-for-yellow=0
/interface ethernet switch port
set 0 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 1 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 2 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 3 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 4 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 5 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 6 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 7 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 8 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 9 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 10 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 11 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
set 12 action-on-static-station-move=forward allow-fdb-based-vlan-translate=no allow-mac-based-customer-vlan-assignment-for=all allow-mac-based-service-vlan-assignment-for=all allow-multicast-loopback=no allow-unicast-loopback=no custom-drop-counter-includes="" default-customer-pcp=0 default-service-pcp=0 \
    drop-dynamic-mac-move=no drop-secure-static-mac-move=no drop-when-ufdb-entry-src-drop=yes dscp-based-qos-dscp-to-dscp-mapping=yes !egress-customer-tpid-override egress-mirror-to=none egress-pcp-propagation=no !egress-service-tpid-override egress-vlan-mode=unmodified egress-vlan-tag-table-lookup-key=\
    egress-vid filter-priority-tagged-frame=no filter-tagged-frame=no filter-untagged-frame=no !ingress-customer-tpid-override ingress-mirror-to=none ingress-mirroring-according-to-vlan=no !ingress-service-tpid-override !isolation-leakage-profile-override !learn-limit pcp-based-qos-dei-mapping=0-15:0 \
    pcp-based-qos-drop-precedence-mapping=0-15:green pcp-based-qos-dscp-mapping=0-15:0 pcp-based-qos-pcp-mapping=0-15:0 pcp-based-qos-priority-mapping=0-15:0 pcp-or-dscp-based-qos-change-dei=no pcp-or-dscp-based-qos-change-dscp=no pcp-or-dscp-based-qos-change-pcp=no pcp-propagation-for-initial-pcp=no \
    per-queue-scheduling=wrr-group0:1,wrr-group0:2,wrr-group0:4,wrr-group0:8,wrr-group0:16,wrr-group0:32,wrr-group0:64,wrr-group0:128 policy-drop-counter-includes="" priority-to-queue=0-15:0,1:1,2:2,3:3 qos-scheme-precedence=ingress-acl-based,sa-based,da-based,dscp-based,protocol-based,vlan-based,pcp-based \
    queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port
/interface l2tp-server server
set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address default-profile=default-encryption enabled=yes keepalive-timeout=30 l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 !l2tpv3-ether-interface-list \
    max-mru=1450 max-mtu=1450 max-sessions=unlimited mrru=disabled one-session-per-host=no use-ipsec=yes
/interface list member
add disabled=no interface=bridge list=LAN
add disabled=no interface=ether1 list=WAN
/interface lte settings
set firmware-path=firmware mode=auto
/interface ovpn-server server
set auth=sha1,md5,sha256,sha512 certificate=*0 cipher=blowfish128,aes128-cbc default-profile=default enable-tun-ipv6=no enabled=no ipv6-prefix-len=64 keepalive-timeout=60 mac-address=FE:E1:27:BB:6E:0F max-mtu=1500 mode=ip netmask=24 port=1194 protocol=tcp redirect-gateway=disabled reneg-sec=3600 \
    require-client-certificate=no tls-version=any tun-server-ipv6=::
/interface pptp-server server
# PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead
set authentication=mschap1,mschap2 default-profile=default-encryption enabled=no keepalive-timeout=30 max-mru=1450 max-mtu=1450 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=disabled pfs=no port=443 tls-version=any verify-client-certificate=no
/interface wifi cap
set enabled=no
/interface wifi capsman
set enabled=no
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless cap
set bridge=none caps-man-addresses="" caps-man-certificate-common-names="" caps-man-names="" certificate=none discovery-interfaces="" enabled=no interfaces="" lock-to-caps-man=no static-virtual=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip address
add address=192.168.21.254/24 comment=defconf disabled=no interface=bridge network=192.168.21.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=none update-time=yes
/ip cloud advanced
set use-local-address=no
/ip dhcp-client
add add-default-route=yes default-route-distance=1 dhcp-options=hostname,clientid disabled=no interface=ether1 use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set accounting=yes interim-update=0s radius-password=empty store-leases-disk=5m
/ip dhcp-server network
add address=192.168.21.0/24 caps-manager="" dhcp-option="" dns-server=10.43.210.11 domain=r403.local gateway=192.168.21.254 netmask=24 !next-server ntp-server=192.168.21.254 wins-server=""
/ip dns
set address-list-extra-time=0s allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 doh-max-server-connections=5 doh-timeout=5s max-concurrent-queries=100 max-concurrent-tcp-sessions=20 max-udp-packet-size=4096 query-server-timeout=2s query-total-timeout=10s servers="" \
    use-doh-server="" verify-doh-cert=no
/ip firewall nat
add action=masquerade chain=srcnat !connection-bytes !connection-limit !connection-mark !connection-rate !connection-type !content disabled=no !dscp !dst-address !dst-address-list !dst-address-type !dst-limit !dst-port !fragment !hotspot !icmp-options !in-bridge-port !in-bridge-port-list !in-interface \
    !in-interface-list !ingress-priority !ipsec-policy !ipv4-options !layer7-protocol !limit log=no log-prefix="" !nth !out-bridge-port !out-bridge-port-list out-interface=ether1 !out-interface-list !packet-mark !packet-size !per-connection-classifier !port !priority !protocol !psd !random !routing-mark \
    !src-address !src-address-list !src-address-type !src-mac-address !src-port !tcp-mss !time !to-addresses !to-ports !ttl
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=no src-address=192.168.89.0/24 !to-addresses !to-ports
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=yes ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes sip-timeout=1h
set pptp disabled=no
set rtsp disabled=yes ports=554
set udplite disabled=no
set dccp disabled=no
set sctp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip hotspot user
set [ find default=yes ] comment="counters and limits for trial users" disabled=no name=default-trial
/ip ipsec policy
set 0 disabled=no dst-address=::/0 group=default proposal=default protocol=all src-address=::/0 template=yes
/ip ipsec settings
set accounting=yes interim-update=0s xauth-use-radius=no
/ip nat-pmp
set enabled=no
/ip proxy
set always-from-cache=no anonymous=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no cache-path=web-proxy enabled=no max-cache-object-size=2048KiB max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 parent-proxy=:: parent-proxy-port=0 port=8080 \
    serialize-connections=no src-address=::
/ip service
set telnet address="" disabled=no port=23 vrf=main
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80 vrf=main
set ssh address="" disabled=no port=22 vrf=main
set www-ssl address="" certificate=none disabled=yes port=443 tls-version=any vrf=main
set api address="" disabled=no port=8728 vrf=main
set winbox address="" disabled=no port=8291 vrf=main
set api-ssl address="" certificate=none disabled=no port=8729 tls-version=any vrf=main
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/flash/pub disabled=no max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest read-only=yes
/ip socks
set auth-method=none connection-idle-timeout=2m enabled=no max-connections=200 port=1080 version=4 vrf=main
/ip ssh
set allow-none-crypto=no always-allow-password-login=no forwarding-enabled=no host-key-size=2048 host-key-type=rsa strong-crypto=no
/ip tftp settings
set max-block-size=4096
/ip traffic-flow
set active-flow-timeout=30m cache-entries=32k enabled=no inactive-flow-timeout=15s interfaces=all packet-sampling=no sampling-interval=0 sampling-space=0
/ip traffic-flow ipfix
set bytes=yes dst-address=yes dst-address-mask=yes dst-mac-address=yes dst-port=yes first-forwarded=yes gateway=yes icmp-code=yes icmp-type=yes igmp-type=yes in-interface=yes ip-header-length=yes ip-total-length=yes ipv6-flow-label=yes is-multicast=yes last-forwarded=yes nat-dst-address=yes nat-dst-port=yes \
    nat-events=no nat-src-address=yes nat-src-port=yes out-interface=yes packets=yes protocol=yes src-address=yes src-address-mask=yes src-mac-address=yes src-port=yes sys-init-time=yes tcp-ack-num=yes tcp-flags=yes tcp-seq-num=yes tcp-window-size=yes tos=yes ttl=yes udp-length=yes
/ip upnp
set allow-disable-external-interface=no enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=yes advertise-mac-address=yes disabled=no dns="" hop-limit=unspecified interface=all managed-address-configuration=no mtu=unspecified other-configuration=no pref64="" ra-delay=3s ra-interval=3m20s-10m ra-lifetime=30m ra-preference=medium reachable-time=unspecified \
    retransmit-interval=unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls settings
set allow-fast-path=yes dynamic-label-range=16-1048575 propagate-ttl=yes
/ppp aaa
set accounting=yes interim-update=0s use-circuit-id-in-nas-port-id=no use-radius=no
/ppp secret
add caller-id="" disabled=no ipv6-routes="" limit-bytes-in=0 limit-bytes-out=0 !local-address name=vpn profile=default !remote-address !remote-ipv6-prefix routes="" service=any
/radius incoming
set accept=no port=3799 vrf=main
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing settings
set single-process=no
/snmp
set contact="" enabled=no engine-id-suffix="" location="" src-address=:: trap-community=public trap-generators=temp-exception trap-target="" trap-version=1 vrf=main
/system clock
set time-zone-autodetect=yes time-zone-name=Europe/Vienna
/system clock manual
set dst-delta=+00:00 dst-end="1970-01-01 00:00:00" dst-start="1970-01-01 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] channel=0 disabled=no port=serial0 term=vt102
/system identity
set name=GW_G21
/system leds
set 0 disabled=no interface=sfp9 leds=sfp9-led type=interface-activity
set 1 disabled=no interface=sfp10 leds=sfp10-led type=interface-activity
set 2 disabled=no interface=sfp11 leds=sfp11-led type=interface-activity
set 3 disabled=no interface=sfp12 leds=sfp12-led type=interface-activity
/system leds settings
set all-leds-off=never
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=no
/system ntp client
set enabled=yes mode=unicast servers=10.43.210.254 vrf=main
/system ntp server
set auth-key=none broadcast=no broadcast-addresses="" enabled=no local-clock-stratum=5 manycast=no multicast=no use-local-clock=no vrf=main
/system ntp client servers
add address=10.43.210.254 auth-key=none disabled=no iburst=yes max-poll=10 min-poll=6
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
/system resource usb settings
set authorization=no
/system routerboard settings
set auto-upgrade=no baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet boot-protocol=bootp enable-jumper-reset=yes enter-setup-on=any-key force-backup-booter=no preboot-etherboot=disabled preboot-etherboot-server=any protected-routerboot=disabled reformat-hold-button=20s \
    reformat-hold-button-max=10m silent-boot=no
/system routerboard reset-button
set enabled=no hold-time=0s..1m on-event=""
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes ping-start-after-boot=5m ping-timeout=1m watch-address=none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=100
/tool e-mail
set from=<> port=25 server=0.0.0.0 tls=no user="" vrf=main
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all
/tool mac-server ping
set enabled=yes
/tool romon
set enabled=no id=00:00:00:00:00:00
/tool romon port
set [ find default=yes ] cost=100 disabled=no forbid=no interface=all
/tool sms
set allowed-number="" auto-erase=no channel=0 port=none receive-enabled=no
/tool sniffer
set file-limit=1000KiB file-name="" filter-cpu="" filter-direction=any filter-dst-ip-address="" filter-dst-ipv6-address="" filter-dst-mac-address="" filter-dst-port="" filter-interface="" filter-ip-address="" filter-ip-protocol="" filter-ipv6-address="" filter-mac-address="" filter-mac-protocol="" \
    filter-operator-between-entries=or filter-port="" filter-size="" filter-src-ip-address="" filter-src-ipv6-address="" filter-src-mac-address="" filter-src-port="" filter-stream=no filter-vlan="" memory-limit=100KiB memory-scroll=yes only-headers=no streaming-enabled=no streaming-server=0.0.0.0:37008
/tool traffic-generator
set latency-distribution-max=100us measure-out-of-order=yes stats-samples-to-keep=100 test-id=0
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s use-radius=no
/user settings
set minimum-categories=0 minimum-password-length=0

toolongformt · Fri Jan 26, 2024 9:43 pm

On another topic you'd said you have cap ACs, here you stated you have cap ac xl. so you even don't know what models you have or at least someone used inconsistent training data for the language model.

thanks for making me smile a little

Often enough - read carefully - I posted the model number of my - call it what you want. I don't care if AC, AC xl, whatever. For me these are **ACCESS POINTS**.
Hard enough, that I still have to copy-paste the model name, I cannot "write flash into brain" such model names.
I also don't care if my Cisco APs are blue, white, or green. They are also **ACCESS POINTS**. May I send you the config of my cluster so that you believe me?
If that makes THEEE difference, if that's THEEE reason for all my troubles, sorry that I seem to have not enough brain to decide which devices I have to buy when I want to know which one.
I got the email address of a point of sales: inacker@fmsweb.de
I tried to get an answer to my question, which devices I should chose. This mail address is from mikrotik.
Wanna know the answer? Nothing, I never got something back.
I have to complain again, I didn't find a specialist who could help me, I had to search myself for "SOME" solution, without knowing if it will work.
Now I'm here with devices that may not fit, with guidelines that don't fit, my friend, who sadly really exist, doesn't pay me. And that's not fake, "my dear friend"!
I'm not angry anymore, I'm sad. 2 weeks without a solution, a few days in a forum with 200 postings where I posted my config, some answers that tell me what's wrong with my beginner's config,... and still I don't see the light at the end of a tunnel.

If you think, I buy this stuff for fun, while I have perfectly running Cisco hardware, think again.
I don't want to rant, I don't want to blame anyone. But as those postings all prove, there's not solution after ... how many days.
Wouldn't it be easy to post a few lines that describe, where my issue is, and what I exactly could do to narrow down a very, very very simple config problem?
Sorry, but if that isn't possible, you don't wanna expect me to be happy for my step learning curve which has only one result: stay with Cisco. I want to LEAVE Cisco, I want to change to mikotik, because of a lot of reasons. Really. But at the moment (!) it's really hard, if there's not at least a comment from mikrotik regarding the question, if 7.13.2 is intended to run on my CRS112 and the two "whatever you wanna call it" accesspoints / AP XL / ...

toolongformt · Fri Jan 26, 2024 9:44 pm

Mikrotik has Smartphone Apps too.

yes. One config change and the rest is dead. I had to reset my 328 after that.

toolongformt · Fri Jan 26, 2024 9:47 pm

oh, and for all who may think I had deleted something - no. I just don't have firewall settings so far!

Current documentation for 7.13.2 and capsman

Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Aktuelle Dokumentation für 7.13.2 und Capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Re: Current documentation for 7.13.2 and capsman

Who is online